You will find there's development server along with a live server with various database connection particulars (username, password, etc).
Presently we are storing Both database connection particulars inside a initial.php and something is selected if your DEFINE statement exists. We by hand include that DEFINE statement on our live server.
Is a secure approach? What exactly are better / alternative approachs for controlling DB connection security?
One results of this really is that each developer can easily see the database connection particulars and that is a little dangerous...
I personally use an .ini-file, that is then parsed via
This file is not under version control (much like the php-/template-/whatever-files). The like every machine I create that file (.database.ini) for that particular database connection.
Example .ini-apply for a MySQL-connection, using PDO:
[db_general] driver = "mysql" user = "USERNAME" password = "PASSWORD" ; DSN ; see http://www.php.net/manual/en/pdo.drivers.php [db_data_source_name] host = "localhost" port = 3306 dbname = "DATABASE_NAME" ; specify PDO-options, provide keys without PDO:: ; see http://www.php.net/manual/en/pdo.drivers.php [db_pdo_options] MYSQL_ATTR_INIT_COMMAND = "SET NAMES utf8" ; specify more PDO-attributes, provide keys without PDO:: ; see http://php.net/manual/en/pdo.setattribute.php [db_pdo_attributes] ATTR_CASE = "PDO::CASE_LOWER" ATTR_ERRMODE = "PDO::ERRMODE_EXCEPTION" ATTR_EMULATE_PREPARES = false
Since one can't use
:: within .ini-file-secrets, use
constant('PDO::' . $iniKey) inside your code to find the preferred PDO-constants.
I lately needed to cope with this problem, and things i did was create two new database customers. The very first didn't have rights whatsoever, apart from read rights on tables in the own schema. The 2nd had place rights to some "load" table I'd be inhabiting with my code.
The unprivileged user got a "qualifications" table in the schema, which held the qualifications and password from the place user (together with another parameters I desired for my application). Therefore the code only contained the qualifications for that unprivileged user, hard-coded and transformed periodically, and also at runtime it might lookup the qualifications it required to do card inserts. The research happened behind our firewall, between servers, therefore it wasn't something an outsider could eavesdrop on.
It had not been designers I had been concerned about, it had been outsiders and energy customers, who could theoretically access the net server and look at ini files. By doing this, only designers and DBAs could snoop (and everyone knows one another). Other people would need to learn how to query the database, evaluate which SQL to make use of, learn how to run code... Not possible, and surely a gigantic multi-step discomfort within the butt and never worthwhile.
Pretty safe -- theoretically, anyway...
Is kinda hard to safeguard the application from the designers which are utilizing it. My suggestions is to load all passwords from the config file and make 2 separate conditions: one for developing and something for that production server. Give full use of designers towards the developing machine so when moving towards the production server the applying will feed itself using the production config which is saved only on that machine and therefore inaccessible to many designers. This kind of security is much more of the process and you've got to define several steps, like who can access the development machines and who's doing the posting... etc.
Is a secure approach?
It is dependent in your meaning of safe.
every developer can easily see the database connection particulars
AFAIK, apart from while using default username/password/database within the php.ini file, this problem is virtually inevitable (and taking advantage of the defaults mean they have instantly got use of the database anyway).
I suppose you could utilize different include files encoded using zend encoder having a function which returns database handles - and hang in the scope and permissions for various files, nevertheless its tricky to isolate the PHP code the actual data. Another approach is always to restrict everything to webservices and implement a long permissions model within the webservice tier.